Small to midsize businesses that handle financial data are particularly susceptible to cybersecurity breaches. As part of the insurance community, you most certainly have extensive measures in place to make sure customer data is secure in your organization. But have you taken the further step to verify that all your third-party vendors have plans in place to secure their systems?
Common sense says that the more connected we are, sharing data through cloud computing, the more vulnerable the entire business ecosystem becomes. We frequently read news reports of cybersecurity breaches involving third-party vendors. Reports also show that data breaches are an average of $700,000 more costly when a third party is involved. For example, Health Share of Oregon exposed the personally identifiable information (PII) of more than 650,000 members when a third-party vendor’s vehicle was broken into and a laptop stolen. GE suffered a data breach of PII for more than 200,000 employees due to a compromised third-party email account.
Yet in a survey by the Ponemon Institute, 60% of the respondents said their businesses tend to focus on response to threats because they believe prevention is too hard to accomplish. At MGA Systems, we believe that’s simply not enough. In a world of ever-growing cybersecurity threats, we have both proactive and reactive plans in place to protect electronic data against vulnerabilities.
Following the cybersecurity framework of the National Institute of Standards and Technology (NIST) and the guidelines of the New York Department of Financial Services (23 NYCRR 500), MGA Systems designed a robust cybersecurity program to protect the confidentiality, availability and integrity of its data as well as its customers’ data. We also have a vendor management program to ensure our third-party partners have a cyber posture like ours.
We encourage businesses to review cybersecurity risks regularly. Use this checklist to focus on your third-party business partners and ensure they:
- Protect access to production data both by physically securing the environment and logically securing access to servers, software and networks.
- Encrypt all non-public information in transit and at rest.
- Use multi-factor authentication as part of their access control policy.
- Have an incident response plan in place to prevent, report, respond to and recover from a cybersecurity incident.
- Use a business continuity plan to ensure operations continue despite a disaster (such as a security breach).
MGA Systems values the relationships we build with our customers and believes a strong security program fosters trust. We also value the third-party partners that provide us services and integration options for our customers. If you have any questions about our cybersecurity or business continuity policies and programs, please give us a call at (877) 790‑1114 or contact us here and ask to speak with our CIO.